PT-2025-30726

Name of the Vulnerable Software and Affected Versions Koa versions up to 3.0.0 Description A problematic issue exists in KoaJS Koa. The back function within the HTTP Header Handler component, located in lib/response.js, is susceptible to open redirect attacks through manipulation of the Referrer...

CVE-2024-40686

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including...

CVE-2024-40686

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including...

CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis HOST header injection

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including...

CVE-2024-40686 IBM SmartCloud Analytics - Log Analysis HOST header injection

IBM SmartCloud Analytics - Log Analysis 1.3.7.0, 1.3.7.1, 1.3.7.2, 1.3.8.0, 1.3.8.1, and 1.3.8.2 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including...

PT-2025-30563 · Ibm · Ibm Smartcloud Analytics Log Analysis

Name of the Vulnerable Software and Affected Versions: IBM SmartCloud Analytics - Log Analysis versions 1.3.7.0 through 1.3.8.2 Description: IBM SmartCloud Analytics - Log Analysis is susceptible to HTTP header injection due to inadequate validation of input provided through the HOST headers. Thi...

openjdk: Improve HTTP client header handling (Oracle CPU 2025-07)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Networking. Supported versions that are affected are Oracle Java SE: 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1...

CVE-2025-7339 on-headers vulnerable to http response header manipulation

on-headers is a node.js middleware for listening to when a response writes headers. A bug in on-headers versions 1.1.0 may result in response headers being inadvertently modified when an array is passed to response.writeHead. Users should upgrade to version 1.1.0 to receive a patch. Uses are...

CVE-2025-53641

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery SSRF condition, which can be exploited to initiate unauthorized...

CVE-2025-53641 Postiz allows header mutation in middleware facilitates resulting in SSRF

Postiz is an AI social media scheduling tool. From 1.45.1 to 1.62.3, the Postiz frontend application allows an attacker to inject arbitrary HTTP headers into the middleware pipeline. This flaw enables a server-side request forgery SSRF condition, which can be exploited to initiate unauthorized...

CVE-2025-43933

fblog through 983bede allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

CVE-2025-43931

flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

(Pwn2Own) Microsoft SharePoint ToolPane Authentication Bypass Vulnerability

This vulnerability allows remote attackers to bypass authentication on affected installations of Microsoft SharePoint. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the Referer HTTP header provided to the ToolPane endpoint. The...

CVE-2025-43932

JobCenter through 7e7b0b2 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

CVE-2025-43933

fblog through 983bede allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

CVE-2025-43930

Hashview 0.8.1 allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

CVE-2025-43931

flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...

CVE-2025-50404

Intelbras RX1500 Router v2.2.17 and before is vulnerable to Integer Overflow. The websReadEvent function incorrectly uses the int type when processing the "command" field of the http header, causing the array to cross the boundary and overwrite other fields in the array...

CVE-2025-50404

Intelbras RX1500 Router (versions ≤ 2.2.17) is affected by an integer overflow in the websReadEvent() function during processing of the HTTP header’s command field, causing an out-of-bounds write that overwrites adjacent data. Documents describe the vulnerability as allowing potentially arbitrary...

SUSE SLES15 / openSUSE 15 Security Update : nodejs20 (SUSE-SU-2025:02045-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:02045-1 advisory. Update to 20.19.2: - CVE-2025-23166: improper error handling in async cryptographic operations crashes process...